package com.hank.config;


import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;


@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {


    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }



    protected void configure(HttpSecurity http) throws Exception {

        http
            //关闭csrf
            .csrf().disable()
    //不通过Session获取SecurityContext
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authorizeRequests()
    //对于登录接口，允许匿名访问
                .antMatchers("/**").anonymous()
    //除上面的所有请求全部需要认证
                .anyRequest().authenticated();

//        http.authorizeRequests()
//                .antMatchers("/**").permitAll()
//                //需要权限ROLE_COMMON 才可以访问的路径   <a th:href="@{/common/test}">去test.html</a>
//                //.antMatchers("/common/**").hasRole("COMMON")
//                // 只有具有任意的某个权限就可以访问其他访问-没有权限还是无法访问的
//                .anyRequest().authenticated()
//                .and()
//                .formLogin()
//                .loginProcessingUrl("/login")
//                .and()
//                .csrf().disable();;
}


    @Bean
    public PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }
}
